802.11/Wi-Fi® Security

Last modified by Microchip on 2023/11/09 08:55

802.11 security frameworks are only concerned with over-the-air security (i.e. station to AP).

For station-to-station security, an application-layer solution, like SSL/TLS needs to be used.

Goals

What are the goals of any security framework?

  • Communicate sensitive data (Goal: Data Privacy/Confidentiality)
    • Address snooping or eavesdropping
  • Guarantee data is unmodified (Goal: Data Integrity)
    • Address tampering (man-in-the-middle attacks)
  • Assure source of data (Goal: Data Authenticity)
    • Address redirection (man-in-the-middle attacks)

Available Frameworks

Options: WEP40/104, WPA-PSK (Preshared Key), WPA/2-PSK, WPA/2-EAP (Extensible Authentication Protocol).

  • WEP involves entering a phrase or hex equivalent (5 for WEP40 or 13 Bytes for WEP104):
    • Not very secure, easily broken
    • Best case for ad-hoc networks
  • WPA-PSK uses TKIP:
    • Not very secure, easily broken
  • WPA/2-PSK uses 802.1x AES:
    • Involves a changing key pair, it is started with a key calculated with SSID and phrase
  • WPA/2-EAP has several different application methods.

Best Practices

  • Use WEP, WPA?
  • WPA/2 is the current standard Wi-Fi®-certified security framework.
    • PSK (Personal) Mode:
      • Small (Residential/SOHO), or transient network
      • Supported by most Wi-Fi® solutions today
    • EAP (Enterprise) Mode:
      • Large, permanent network
      • EAP protocol processing capability is becoming available to stations